VID 19005
Severity 40
Port 53
Protocol TCP,UDP
Class DNS
Detailed Description The remote BIND daemon, according to its version number, is vulnerable to various buffer overflows. This vulnerability may allow an attacker to execute privileged commands or code with the same permissions as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges.
The BIND versions checked by secuiscan are vulnerable to the attacks described below:

1. "tsig bug" : BIND version 8 contains a buffer overflow in the implementation of Transaction Signatures (TSIG) for DNS security as defined in RFC 2845. Because the overflow occurs within the initial processing of a DNS request, both recursive and non-recursive DNS servers are vulnerable, independent of the DNS security configuration.
Versions affected : 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3, 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
2. "complain bug" : It is possible to overflow the buffer used by sprintf in nslookupComplain().
Versions affected : 4.9.3, 4.9.4, 4.9.5, 4.9.5-P1, 4.9.6, 4.9.7, and possibly earlier versions of BIND 4.9.x, except for BIND 4.9.8.

* BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocol distributed by the Internet Software Consortium (www.isc.org).

* References:
http://www.isc.org/products/BIND/bind-security.html
Recommendation The most recent release of BIND, version 9, is not susceptible to these attacks. Upgrading to BIND version 9.1 is strongly recommended. If that is not possible for your site, upgrading at least to BIND version 8.2.3 and 4.9.8 is imperative.